On 13/01/2015 08:05, Christian Krbusek wrote:
Hi,
thanks for considering running a mirror!
In fact you can't prevent that but you are also mirroring the signature files. So anybody downloading from any mirror - even the original host - should verify the downloads.
Cheers, Chris
How do we prevent a mirror admin from tampering with the served files?
So let's pretend I want to push some malicious TBB binaries...
1) Nicely behave as a mirror for several months to get good reputation (if any)
2) Build malicious Bundles and sign them with a bogus key carrying Erinn Clark's public info and replace the original files
3) publish this key to some keyserver
4) Modify /docs/verifying-signatures.html.en & /docs/signing-keys.html.en to have visitors retrieve and somewhat trust my key
5) Wait for people to download binaries and omit to verify signatures, let alone keys...
I could have a chance of pushing some dirty bits out there, what do you think?
Shouldn't these 2 files be excluded from the mirroring process?
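
Verifying the downloads, as the reply above recommends, only defeats the bogus-key scenario when the key is identified by a fingerprint obtained independently of the mirror, because the name on a key proves nothing. An added example (not part of the original thread, and not the Tor Project's own tooling) that accepts a signature only when gpg's `VALIDSIG` status line names the pinned fingerprint; the fingerprints, user ID and function names are constructed placeholders.

```shell
#!/bin/sh
# Added example: decide trust from the fingerprint in gpg's machine-readable
# status output, never from the user ID, which anyone can put on a key.

# Constructed placeholder: replace with a fingerprint obtained out of band,
# not from the mirror that served the files.
PINNED_FPR="0123456789ABCDEF0123456789ABCDEF01234567"

# Reads the output of `gpg --status-fd 1 --verify SIG FILE` on stdin.
# Returns 0 only if a VALIDSIG line names the pinned primary key.
check_pinned_sig() {
    pinned=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    [ ${#pinned} -eq 40 ] || return 2   # refuse short key IDs as a pin
    awk -v pinned="$pinned" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" {
            # Field 3 is the signing (sub)key fingerprint; field 12, when
            # present, is the primary key fingerprint.
            fpr = (NF >= 12) ? $12 : $3
            if (toupper(fpr) == pinned) ok = 1
        }
        END { exit(ok ? 0 : 1) }
    '
}

# Constructed status output for a signature made by the pinned key.
genuine_status() {
cat <<'EOF'
[GNUPG:] GOODSIG 89ABCDEF01234567 Erinn Clark <constructed@example.invalid>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2015-01-13 1421136000 0 4 0 1 8 00 0123456789ABCDEF0123456789ABCDEF01234567
EOF
}

# Constructed status output for a look-alike key: same user ID, other key.
# gpg still reports GOODSIG because the signature is valid for that key.
bogus_status() {
cat <<'EOF'
[GNUPG:] GOODSIG 76543210FEDCBA98 Erinn Clark <constructed@example.invalid>
[GNUPG:] VALIDSIG FEDCBA9876543210FEDCBA9876543210FEDCBA98 2015-01-13 1421136000 0 4 0 1 8 00 FEDCBA9876543210FEDCBA9876543210FEDCBA98
EOF
}

genuine_status | check_pinned_sig "$PINNED_FPR" && echo "pinned key: accepted"
bogus_status | check_pinned_sig "$PINNED_FPR" || echo "look-alike key: rejected"
```

In real use the function is fed by `gpg --status-fd 1 --verify FILE.asc FILE` instead of the sample functions.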